Apparatus, system and method for accessing internet webpage

ABSTRACT

The present invention discloses an apparatus, system and method for accessing internet webpage. The system includes a user terminal and a proxy server. The user terminal is configured to initiate an access request to the proxy server, the access request including URL information of a target webpage which carries an identifier of requiring security authentication, and receive and display target webpage information outputted from the proxy server. The proxy server is configured to receive the access request, perform security authentication on the URL information of the target webpage which carries the identifier of requiring security authentication according to pre-stored webpage security database information; if the security authentication is passed, obtain the target webpage information and output the target webpage information to the user terminal. By applying the present invention, network delay overload for accessing the internet webpage can be reduced, and user experience can be improved.

FIELD OF THE INVENTION

The present invention relates to security access technology field, andmore particularly, to an apparatus, system and method for accessinginternet webpage.

BACKGROUND OF THE INVENTION

In recent years, with the rapid development of smart user terminals, itbecomes more and more frequent that a user uses a user terminal browserto access an internet webpage. The modes that the user uses the userterminal browser to access the internet webpage (refer to as “webpage”hereinafter) mainly include direct access and proxy server access.

The direct access mode is that when the user uses the user terminalbrowser to access a target webpage, the user terminal browser directlyinitiates an access request to the target webpage. While the proxyserver access mode is that when the user uses the user terminal browserto access all webpages, the access is completed through a pre-set proxyserver. That is to say, the proxy server is responsible for initiatingan access request to the target webpage instead of the user, obtainingthe webpage, performing a webpage conversion if necessary, andoutputting the converted webpage to the user terminal browser fordisplaying. Comparing with the direct access mode, on the one hand, theproxy server access mode may help the user terminal to complete thewebpage conversion so as to return a webpage suitable for layout anddisplaying by the user terminal browser. This can not only reduce theamount of calculation of the user terminal for interpreting scriptlanguage, but also effectively reduce traffic of the user terminal. Onthe other hand, the proxy server itself has a cache function, whichhelps improving speed experience of the user for accessing the webpage.Based on these factors, in practical applications, the user terminalbrowser generally uses the proxy server to perform access. For example,mainstream user terminal browsers such as a QQ user terminal browser,UCweb and Opera Mini and so on, each provide a mechanism of proxy serveraccess.

While bringing much convenience for the user, internet technology alsobrings a security problem. Especially during a process that the userterminal browser accesses the webpage, the related security problemappears gradually. For example, some malicious phishing websites orwebpages trick the user to input account and password information whenthe user accesses the webpage, so as to steal a user account and apassword. Some other malicious websites automatically collect highinformation service fees or deliberately set a charge trap if the useronce connects and accesses the websites. In addition, there are stillsome websites which may affect normal use of the user terminal anddamage the user terminal by issuing a link of Trojan virus installmentpacket. Therefore, the security risk caused by using the user terminalbrowser to access the webpage has become a widely concerned problem inthe current mobile internet.

In order to improve security of using the user terminal browser toaccess the webpage, at present, when the user terminal browser accessesthe internet webpage, the browser's security access can be guaranteedbased on network scanning. That is to say, before the user uses the userterminal browser to download and display a webpage, i.e., whenrequesting an access to a target webpage, the user terminal transmitsUniform Resource Locator (URL) information of the target webpage to asecurity server connected to the internet, and requests the securityserver to authenticate the security of the URL. According to storedwebpage security database information, the security server performssecurity authentication, and returns a security authentication responseresult of the URL to the user terminal. According to the securityauthentication response result, the user terminal performs correspondingoperations: if the security authentication response result is safe, theuser terminal transmits an access request to the proxy server; if thesecurity server determines that a security risk exists in the URL, theuser terminal browser may be configured by the security server to beprohibited from accessing the target webpage, and thus the user terminalcannot initiate an access request for the webpage to the proxy server;or according to security risk prompt information contained in thesecurity authentication response result, the user determines whether toinitiate an access request to the proxy server.

It can be seen from the above, the existing method for accessinginternet webpage uses security data information of each webpagepre-collected by a background (the security server) to authenticate thesecurity of the webpage to which the user requests an access, outputsthe security authentication response result to the user terminal, andthe user terminal determines whether to initiate an access request tothe proxy server according to the security authentication responseresult. Therefore, the security access is achieved. But, after thesecurity authentication is completed, since the security server alsoneeds to transmit the security authentication information to the userterminal and then the user terminal initiates the access request, thus,the user needs to take longer time to access the webpage, resulting incertain network delay overhead. Furthermore, even for a webpage passingthrough the security authentication, there may be many link jumpstherein. If the user needs to access a webpage corresponding to one linkjump, the user terminal also needs to transmit link jump information tothe security server for security authentication. Thus, accessing thewebpage corresponding to the link jump, results in greater network delaywhich reduces the user experience. Moreover, if there is much link jumpinformation, the user terminal needs to frequently communicate with thesecurity server, which increases traffic overload and the cost of theuser.

SUMMARY OF THE INVENTION

In view of the above, a main object of the present invention is toprovide an apparatus for accessing internet webpage, which can reducenetwork delay overload in accessing the internet webpage and improveuser experience.

Another object of the present invention is to provide a system foraccessing internet webpage, which can reduce network delay overload inaccessing the internet webpage and improver user experience.

Still another object of the present invention is to provide a method foraccessing internet webpage, which can reduce network delay overload inaccessing the internet webpage and improve user experience.

In order to achieve the above objects, the present invention provides anapparatus for accessing internet webpage. The apparatus includes anaccess request processing module, a security module, a target webpagepulling module and a webpage security database module,

wherein the access request processing module is configured to receive anaccess request, and if uniform resource locator (URL) information of atarget webpage included in the access request carries an identifier ofrequiring security authentication, output the URL information of thetarget webpage to the security module;

the security module is configured to perform security authentication onthe received URL information of the target webpage according to webpagesecurity database information stored in the webpage security databasemodule, and output the URL information of the target webpage to thetarget webpage pulling module if the security authentication is passed;

the target webpage pulling module is configured to pull webpageinformation from the target webpage according to the received URLinformation of the target webpage and output the webpage information toa user terminal;

the webpage security database module is configured to store the webpagesecurity database information.

A system for accessing internet webpage includes a user terminal and aproxy server,

wherein the user terminal is configured to initiate an access request tothe proxy server, the access request including URL information of atarget webpage which carries an identifier of requiring securityauthentication; and receive and display target webpage informationoutputted from the proxy server;

the proxy server is configured to receive the access request, performsecurity authentication on the URL information of the target webpagewhich carries the identifier of requiring security authenticationaccording to pre-stored webpage security database information; if thesecurity authentication is passed, obtain the target webpage informationand output the target webpage information to the user terminal.

A method for accessing internet webpage includes:

initiating, by a user terminal, an access request including uniformresource locator (URL) information of a target webpage which carries anidentifier of requiring security authentication;

performing, by a proxy server, on the received URL information of thetarget webpage which carries the identifier of requiring securityauthentication according to pre-stored webpage security databaseinformation; if the security authentication is passed, obtaining targetwebpage information and outputting the target webpage information to theuser terminal;

receiving and displaying, by the user terminal, the target webpageinformation outputted by the proxy server.

It can be seen from the above technical solution that the presentinvention discloses an apparatus, system and method for accessinginternet webpage. The system includes a user terminal and a proxyserver. The user terminal is configured to initiate an access request tothe proxy server, the access request including URL information of atarget webpage which carries an identifier of requiring securityauthentication, and receive and display target webpage informationoutputted from the proxy server. The proxy server is configured toreceive the access request, perform security authentication on the URLinformation of the target webpage which carries the identifier ofrequiring security authentication according to pre-stored webpagesecurity database information; if the security authentication is passed,obtain the target webpage information and output the target webpageinformation to the user terminal. Thus, by using the proxy server toextend the safe browsing function of the user terminal browser,authenticating the webpage via configurations of the mobile terminalbrowser and the proxy server and directly pulling the webpageinformation after the security authentication is passed, the networkdelay overload of accessing the internet webpage can be reduced, therebyproviding safe browsing service for the user without adding additionalnetwork delay and improving user experience.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a schematic diagram illustrating a structure of a system foraccessing internet webpage according to one embodiment of the presentinvention;

FIG. 2 is a schematic diagram illustrating a structure of a proxy serveraccording to one embodiment of the present invention;

FIG. 3 is a flowchart illustrating a method for accessing internetwebpage according to one embodiment of the present invention;

FIG. 4 is a flowchart illustrating a method for directly requestingaccess to webpage according to one embodiment of the present invention;

FIG. 5 is a flowchart illustrating a method for link jump accessingaccording to one embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

In order to make objects, technical solutions and advantages of thepresent invention more apparent, the present invention is described infurther detail hereinafter with reference to accompanying drawings andembodiments.

In the prior art, in order to improve security of accessing internetwebpage, a user terminal needs to transmit URL information of a targetwebpage to a security server for security authentication, and determineswhether to use the proxy server to initiate an access to the targetwebpage according to security authentication response informationreturned by the security server. Thus, network delay overload caused byinteraction between the user terminal and the security server isincreased, and user experience is reduced. In one embodiment of thepresent invention, the proxy server is considered to substitute thesecurity server to authenticate the security of the webpage to which theuser submits a request for access. If the webpage to which the userrequests to access passes the security authentication, the user terminaldirectly accesses the webpage to which the user requests to access. Forthe webpage which does not pass the security authentication, the userterminal determines whether to access the webpage according to asecurity authentication response result returned by the proxy server,thus, safe browsing service can be provided to the user without addingadditional network delay.

FIG. 1 is a schematic diagram illustrating a structure of a system foraccessing internet webpage according to one embodiment of the presentinvention. As shown in FIG. 1, the system includes a user terminal and aproxy server.

The user terminal is configured to initiate an access request includingURL information of a target webpage which carries an identifier ofrequiring security authentication to the proxy server, and receive anddisplay target webpage information outputted from the proxy server.

In one embodiment of the present invention, the identifier of requiringsecurity authentication may be pre-determined through negotiation by theproxy server and the user terminal.

Furthermore, the user terminal is also configured to receive a securityauthentication response result returned by the proxy server, determineto access the target webpage, initiate an access request to the proxyserver, the access request including URL information of the targetwebpage which carries an identifier of mandatory access.

The proxy server is configured to receive the access request, performthe security authentication on the URL information of the target webpagewhich carries the identifier of requiring security authenticationaccording to pre-stored webpage security database information; if thesecurity authentication is passed, obtain the target webpage informationand input the target webpage information to the user terminal.

In one embodiment of the present invention, the proxy server is furtherconfigured to, when the security authentication is not passed, returnthe security authentication response result to the user terminal;receive the URL information of the target webpage which carries theidentifier of mandatory access, obtain the target webpage informationand input the target webpage information to the user terminal.

The security authentication response result includes that a securitylevel of the target webpage is unknown and the security level of thetarget webpage is risk.

Furthermore, for a malicious webpage of which the security level is riskor unknown, such as a chargeback website, a phishing website, amalicious information webpage and a Trojan link and so on, theinformation may be directly carried in the security authenticationresponse result to prompt the user that the target webpage is amalicious webpage such as a chargeback website, a phishing website, amalicious information webpage or a Trojan link and so on.

Preferably, the proxy server is further configured to, according toinformation of the user terminal browser carried in the access request,convert the target webpage into a webpage structure suitable for theuser terminal browser, and output the webpage structure to the userterminal to which the access request belongs.

FIG. 2 is a schematic diagram illustrating a structure of a proxy serveraccording to one embodiment of the present invention. As shown in FIG.2, the proxy server includes: an access request processing module, asecurity module, a target webpage pulling module and a webpage securitydatabase module.

The access request processing module is configured to receive an accessrequest, and if URL information of a target webpage included in theaccess request carries an identifier of requiring securityauthentication, output the URL information of the target webpage to thesecurity module.

In one embodiment of the present invention, the access requestprocessing module is further configured to determine outputting the URLinformation of the target webpage to the target webpage pulling moduleif the URL information of the target webpage included in the accessrequest carries an identifier of mandatory access.

The security module is configured to perform security authentication onthe received URL information of the target webpage according to webpagesecurity database information stored in the webpage security databasemodule, and output the URL information of the target webpage to thetarget webpage pulling module if the security authentication is passed.

In one embodiment of the present invention, the security module isfurther configured to return the security authentication response resultto the user terminal when the security authentication is not passed.Furthermore, the security module is also configured to, after thesecurity authentication of the URL information of the target webpage isnot passed, determine that the target webpage cannot be accessedaccording to a pre-configured security policy, and return a securityauthentication response result carrying an identifier of prohibitingaccess. In this way, even the user terminal receives the securityauthentication response result returned by the proxy server anddetermines to access the target webpage, the user terminal does notinitiate the access request to the proxy server and displays informationthat the target webpage is prohibited from being accessed, so as toeffectively protect interests of the user. Of course, in order torespect a choice of the user, even for a webpage having security risks,an entrance of mandatory continued access is also provided for the userin a risk prompt webpage. In this condition, when the user terminalrequests an access to the webpage again, a related security parameter isadded to a GET method (the access request) of a Hypertext TransferProtocol (HTTP) to indicate the proxy server that the URL request ismandatorily requested by the user. After reception, the proxy serverdoes not automatically query the webpage security database, and directlyrequests and returns the webpage instead of the user.

The pre-configured security policy may be that the user is found to be aminor by searching according to user information in the access requestof the user, or, the target webpage relates to filthy content such aspornography, violence and so on.

The target webpage pulling module is configured to pull the webpageinformation from the target webpage according to the received URLinformation of the target webpage and output the webpage information tothe user terminal.

The webpage security database module is configured to store the webpagesecurity database information.

In one embodiment of the present invention, the stored webpage securitydatabase information includes the URL information of the webpage andmapped security level information of the URL information of the webpage.For example, it may be pre-configured that “1” indicates that thesecurity level is safe, “2” indicates that the security level isunknown, “3” indicates that the security level is risk. In this way, ifa value of the mapped security level of the URL information of thewebpage is 1, then it means that the webpage is safe.

Preferably, the proxy server further includes:

a webpage conversion module configured to, according to the informationof the user terminal browser carried in the access request, convert thewebpage information pulled by the target webpage pulling module into awebpage structure suitable for the user terminal browser, output theconverted webpage to the user terminal to which the access requestbelongs.

In practical applications, even for a webpage passing through thesecurity authentication, there may be many link jumps therein. In oneembodiment of the present invention, for the condition that there arelink jumps in the pulled webpage, the proxy server further includes awebpage link information parsing module configured to parse the webpageinformation pulled by the target webpage pulling module, obtain linkjump information contained in the webpage information pulled by thetarget webpage pulling module, output the obtained link jump informationto the security module; receive security level information outputtedfrom the security module, embody the security level information into thelink jump information of the webpage information, output the webpageinformation to the user terminal. Accordingly, the security module isfurther configured to receive the link jump information outputted fromthe webpage link information parsing module, perform the securityauthentication, output the authenticated security level information tothe webpage link information parsing module. When the user terminalbrowses the webpage information and triggers an access to the link jumpin the webpage information, the user terminal further displays thesecurity level information corresponding to the link jump to the user.When the user determines to access the webpage corresponding to the linkjump, the user terminal initiates an access request carrying anidentifier of mandatory access to the access request processing module.

In this way, as mentioned above, even for a webpage having securityrisks, an entrance of mandatory continued access is also provided forthe user in a risk prompt webpage. If the user needs to access thewebpage corresponding to the link jump, it does not need to transmit thelink jump information to the security server again for securityauthentication and this can effectively reduce network delay and networktraffic of accessing the webpage corresponding to the link jump, therebyimproving user experience.

It can be seen from the above description, in the system for accessinginternet webpage according to one embodiment of the present invention,the user terminal initiates the access request including the URLinformation of the target webpage which carries the identifier ofrequiring security authentication to the proxy server, receive anddisplay the target webpage information outputted from the proxy server.The proxy server receives the access request, performs the securityverification on the URL information of the target webpage which carriesthe identifier of requiring security authentication according to thepre-stored webpage security database information; if the securityauthentication is passed, the proxy server obtains the target webpageinformation and output the target webpage information to the userterminal. Thus, by using the proxy server to extend the safe browsingfunction of the user terminal browser, authenticating the webpage viaconfigurations of the mobile terminal browser and the proxy server anddirectly pulling the webpage information after the securityauthentication is passed, the network delay overload of accessing theinternet webpage can be reduced, thereby providing safe browsing servicefor the user without adding additional network delay and improving userexperience. Furthermore, by embodying the related security levelinformation in the link jump information of the webpage information, themalicious webpage such as a chargeback website, a phishing website, amalicious information webpage and a Trojan link and so on, can beeffectively and quickly prompted to the user with increasing of a smallamount of additional network traffic, thereby providing necessary riskprompt to the user without extending webpage waiting time of the user.

FIG. 3 is a flowchart illustrating a method for accessing internetwebpage according to one embodiment of the present invention. As shownin FIG. 3, the process includes:

Step 301, initiating, by a user terminal, an access request includingURL information of a target webpage carrying an identifier of requiringsecurity authentication.

In this step, when the user terminal needs to access the internetwebpage, the user terminal obtains the URL information of the targetwebpage to be accessed. The URL information carries the identifier ofrequiring security authentication. The URL information is encapsulatedin the access request, and is sent to the proxy server.

Step 302, according to pre-stored webpage security database information,performing, by the proxy server, the security authentication on thereceived URL information of the target webpage which carries theidentifier of requiring security authentication; determining that thesecurity authentication is passed, obtaining target webpage informationand outputting the target webpage information to the user terminal.

In the step, if the security authentication performed on the URLinformation of the target webpage by the proxy server is passed, theproxy server directly pulls the target webpage information according tothe URL information of the target webpage. The proxy server does notneed to return the authentication information to the user terminal.Thus, network delay overload of accessing the internet webpage isreduced.

Step 303, receiving, by the user terminal, the target webpageinformation outputted from proxy server, and displaying the targetwebpage information.

Preferably, performing the security authentication on the received URLinformation of the target webpage which carries the identifier ofrequiring security authentication further includes:

determining, by the proxy server that the security authentication is notpassed, and returning a security authentication response result to theuser terminal;

receiving, by the user terminal, the security authentication responseresult returned from the proxy server, determining to access the targetwebpage and initiating an access request including URL information ofthe target webpage which carries an identifier of mandatory access tothe proxy server; and

receiving, by the proxy server, the URL information of the targetwebpage which carries the identifier of mandatory access, and performingthe step of obtaining target webpage information and outputting thetarget webpage information to the user terminal.

In practical applications, when the user terminal browser accesses theinternet webpage, there are two conditions: “directly requestingwebpage” and “link jump” according to ways in which the user opens thewebpage. For the condition of direct requesting webpage, an openedtarget webpage does not include URL information of embedded linkedwebpage. For the condition of link jump, an opened webpage includes URLinformation of the embedded linked webpage, and the user may trigger anaccess to another webpage by clicking the URL information of the linkedwebpage in the opened target webpage. In one embodiment of the presentinvention, in order to guarantee the access security of the user, italso needed to perform security authentication on the URL information ofthe linked webpage. The details are described as follows.

FIG. 4 is a flowchart illustrating a method for directly requestingaccess to webpage according to one embodiment of the present invention.As shown in FIG. 4, the process includes:

Step 401, requesting, by a user terminal browser, a proxy server toauthenticate URL;

Step 402, querying, by the proxy server, a webpage security database toobtain security attribute of the URL.

Step 403, determining whether there is a security risk in the securityattribute of the URL. If there is a security risk in the securityattribute of the URL, performing step 404, otherwise, performing step405.

Step 404, generating, by the proxy server, prompt webpage informationaccording to risk type and returning the generated prompt webpageinformation to the user terminal browser.

In the step, the proxy server may directly return a specific webpage toinform the user of the security risk.

Step 405, accessing the webpage corresponding to the URL.

In the step, if there is no security risk in the security attribute ofthe URL, the webpage corresponding to the URL is directly accessed so asto provide service for the user.

FIG. 5 is a flowchart illustrating a method for link jump accessingaccording to one embodiment of the present invention. Whether link jumpoccurs may be determined by using the proxy server to parse pulledtarget webpage information and to determine whether there is link jumpin the target webpage information. If there is link jump in the targetwebpage information, referring to FIG. 5, the process includes:

Step 501, determining, by the proxy server, security attribute of eachURL appearing in a webpage.

In the step, the proxy server receives webpage content returned by thetarget webpage (a web server). The security module of the proxy serverconnects the webpage security database to query security attribute foreach URL contained in the webpage.

Step 502, according to a pre-configured security attribute labelingstrategy, adding, by the proxy server, description of correspondingsecurity attribute values to tags corresponding to some or all of theURLs.

In practical applications, in order to reduce processing complexity ofthe proxy server and the user terminal browser in newly addedattributes, when the security module of the proxy server adds thesecurity attributes, the security module of the proxy server may labelURLs to be labeled according to the pre-configured security attributelabeling strategy. In one embodiment of the present invention, thesecurity attribute labeling strategy includes: a blacklist mechanismlabeling strategy, a whitelisting mechanism labeling strategy and ahybrid list mechanism labeling strategy.

1. The blacklist mechanism: a security attribute value is only added toa tag of a URL in which a security risk exists. Thus, additionalprocessing is not needed for most of normal webpages. Accordingly, whenthe user tries to open a URL which has a security attribute valueindicating risk, the user terminal browser may be blocked in anappropriate way and pop up a prompt message to remind the user.

Of course, as described above, when the user tries to open the URL whichhas the security attribute value indicating risk, the user terminalbrowser may also pop up a prompt of prohibiting an access to the webpageso as to block the access of the user.

The blacklist mechanism can be applied to internet environment with arelatively relaxed requirement for the safe browsing of the userterminal. Thus, only maintaining information of webpages having riskexisted therein can reduce size of the database. Of course, if thewebpage security database is not perfect, missed determination of somesecurity risks may also be caused.

2. The whitelisting mechanism: a security attribute value is only addedto a tag of a URL which has no security risk. Accordingly, when the usertries to open a URL which has a security attribute value indicatingsafe, the user terminal browser may explicitly notify the user in anappropriate way that the current access is safe. When trying to open aURL which does not have a security attribute value, i.e., other URL ofwhich the security level is unknown or risk, the user terminal browsermay not provide an indication of safe browsing. Of course, in practicalapplications, a risk prompt may be popped up.

The mechanism can be applied to internet environment with a relativelystrict requirement for the safe browsing of the user terminal. Thus,only maintaining information of safe webpages can effectively reducesize of the database. Of course, in practical applications, if thewebpage security database is not perfect, a condition that an originalsafe URL may not be explicitly indicated by the browser is caused.

3. The hybrid list mechanism: for a URL which has no security risk, asecurity attribute value is added to a tag of the URL to indicate thatthe URL is safe; for an uncertain URL, e.g., a URL which is not found inthe webpage security database or has a security risk existed therein,additional processing is not performed, or an attribute value meaningunknown security or risk is added to a tag of the URL.

In the mechanism, the webpage security database needs to maintain thewhole amount of URL information, thus, the browser may provide moreclear security indications.

In the above examples, a range of values for the security attributevalue relies on security status descriptions of websites, and thesecurity status descriptions include three categories: safe, unknown andrisk. The risk may be further categorized as the risk caused by achargeback website, the risk caused by a virus website, the risk causedby a Trojan website, the risk caused by a false information website, therisk caused by a phishing website etc. The information can be indicatedby a specific ID with a unified agreement established between the proxyserver and the browser, thereby facilitating the browser to display adetailed risk type prompt for the user.

In the step, the security module adds a search result to a webpagescript as an attribute value. For example, a normal link jump can beexpressed as: <a href=“http://www.qq.com” >QQ</a>; the security moduleof the proxy server adds an attribute value of “security_level”, and thenew link jump can be expressed as <a href=“http://www.qq.com”security_level=“1” >QQ</a>, wherein the value “1” indicates a safe URL.

In addition, in order to reduce the handling complexity of the browser,for all of the mechanisms, the proxy server can use a duplicationdeletion method when the proxy server identifies the security attributevalue. Thus, the security attribute value will not be added to the sameURL repeatedly, and calculation overload of the browser for parsing thetag of the URL can be reduced.

Step 503, parsing, by the user terminal browser, a tag of each URL inthe webpage, recording a security attribute value of the tag of eachURL, and employing an appropriate prompt based on the security attributevalue of each URL when displaying a page.

In the step, the user may determine whether to access the link jumpcorresponding to the URL according to the prompt information. If theaccess is determined, an access request including the URL information ofthe target webpage which carries the identifier of mandatory access isinitiated to the proxy server.

The foregoing are only preferred embodiments of the present invention,and are not used to limit the present invention. Any modification,equivalent replacement, or improvement made without departing from thespirit and principle of the present invention should fall within thescope of the present invention.

The invention claimed is:
 1. An apparatus for accessing internetwebpage, comprising an access request processing module, a securitymodule, a target webpage pulling module and a webpage security databasemodule, wherein the access request processing module is configured toreceive an access request, and if uniform resource locator (URL)information of a target webpage included in the access request carriesan identifier of requiring security authentication, output the URLinformation of the target webpage to the security module; the securitymodule is configured to perform security authentication on the receivedURL information of the target webpage according to webpage securitydatabase information stored in the webpage security database module, andoutput the URL information of the target webpage to the target webpagepulling module if the security authentication is passed; the targetwebpage pulling module is configured to pull webpage information fromthe target webpage according to the received URL information of thetarget webpage and output the webpage information to a user terminal;the webpage security database module is configured to store the webpagesecurity database information; wherein the security module is furtherconfigured to return a security authentication response result to theuser terminal when the security authentication is not passed; the accessrequest processing module is further configured to determine whether theURL information of the target webpage included in the access requestcarries an identifier of mandatory access, and output the URLinformation of the target webpage to the target webpage pulling moduleif the URL information of the target webpage included in the accessrequest carries the identifier of mandatory access.
 2. The apparatusaccording to claim 1, wherein the security module is further configuredto, after the security authentication is not passed, determine that thetarget webpage ought not to be accessed according to a pre-configuredsecurity policy, and return a security authentication response resultcarrying an identifier of prohibiting access.
 3. The apparatus accordingto claim 2, wherein the security authentication response resultincludes: a security level of the target webpage is unknown and thesecurity level of the target webpage is unknown.
 4. The apparatusaccording to claim 1, wherein the apparatus further comprises: a webpageconversion module configured to, according to information of a userterminal browser carried in the access request, convert the webpageinformation pulled by the target webpage pulling module into a webpagestructure suitable for the user terminal browser, output the convertedwebpage structure to the user terminal to which the access requestbelongs.
 5. The apparatus according to claim 4, wherein the apparatusfurther comprises: a webpage link information parsing module configuredto parse the webpage information pulled by the target webpage pullingmodule, obtain link jump information contained in the webpageinformation pulled by the target webpage pulling module, output theobtained link jump information to the security module; receive securitylevel information outputted from the security module, embody thesecurity level information into the link jump information of the webpageinformation, and output the webpage information to the user terminal;the security module is further configured to receive the link jumpinformation outputted from the webpage link information parsing module,perform the security authentication, output the authenticated securitylevel information to the webpage link information parsing module.
 6. Asystem for accessing internet webpage, comprising: a user terminal and aproxy server, wherein the user terminal is configured to initiate anaccess request to the proxy server, the access request including uniformresource locator (URL) information of a target webpage which carries anidentifier of requiring security authentication; and receive and displaytarget webpage information outputted from the proxy server; the proxyserver is configured to receive the access request, perform securityauthentication on the URL information of the target webpage whichcarries the identifier of requiring security authentication according topre-stored webpage security database information; if the securityauthentication is passed, obtain the target webpage information andoutput the target webpage information to the user terminal; wherein theproxy server comprises: an access request processing module, a securitymodule, a target webpage pulling module and a webpage security databasemodule; wherein the access request processing module is configured toreceive an access request, and if URL information of a target webpageincluded in the access request carries an identifier of requiringsecurity authentication, output the URL information of the targetwebpage to the security module; the security module is configured toperform security authentication on the received URL information of thetarget webpage according to webpage security database information storedin the webpage security database module, and output the URL informationof the target webpage to the target webpage pulling module if thesecurity authentication is passed; the target webpage pulling module isconfigured to pull the webpage information from the target webpageaccording to the received URL information of the target webpage andoutput the webpage information to the user terminal; the webpagesecurity database module is configured to store the webpage securitydatabase information; wherein the proxy server further comprises: awebpage conversion module configured to, according to information of auser terminal browser carried in the access request, convert the webpageinformation pulled by the target webpage pulling module into a webpagestructure suitable for the user terminal browser, output the convertedwebpage structure to the user terminal to which the access requestbelongs.
 7. The system according to claim 6, wherein the proxy server isfurther configured to, when the security authentication is not passed,return a security authentication response result to the user terminal;receive URL information of the target webpage which carries anidentifier of mandatory access, obtain the target webpage information ofthe target webpage and input the target webpage information to the userterminal; the user terminal is further configured to receive thesecurity authentication response result returned by the proxy server,determine to access the target webpage, initiate an access request tothe proxy server, the access request including the URL information ofthe target webpage which carries the identifier of mandatory access. 8.The system according to claim 6, wherein the proxy server furthercomprises: a webpage link information parsing module configured to parsethe webpage information pulled by the target webpage pulling module,obtain link jump information contained in the webpage information pulledby the target webpage pulling module, output the obtained link jumpinformation to the security module; receive security level informationoutputted from the security module, embody the security levelinformation into the link jump information of the webpage information,output the webpage information to the user terminal; the security moduleis further configured to receive the link jump information outputtedfrom the webpage link information parsing module, perform the securityauthentication, output the authenticated security level information tothe webpage link information parsing module; when the user terminalbrowses the webpage information and triggers an access to the link jumpin the webpage information, the user terminal further displays thesecurity level information corresponding to the link jump to the user;and when the user determines to access the webpage corresponding to thelink jump, the user terminal initiates an access request carrying anidentifier of mandatory access to the access request processing module.9. A method for accessing internet webpage, comprising: initiating, by auser terminal, an access request including uniform resource locator(URL) information of a target webpage which carries an identifier ofrequiring security authentication; performing, by a proxy server, on thereceived URL information of the target webpage which carries theidentifier of requiring security authentication according to pre-storedwebpage security database information; if the security authentication ispassed, obtaining target webpage information and outputting the targetwebpage information to the user terminal; receiving and displaying, bythe user terminal, the target webpage information outputted by the proxyserver; wherein after the obtaining target webpage information, beforethe outputting the target webpage information to the user terminal, themethod further comprises: parsing the obtained target webpageinformation to obtain link jump information contained in the webpageinformation, performing security authentication, embodying authenticatedsecurity level information into the link jump information contained inthe target webpage information according to a pre-configured securityattribute labeling strategy.
 10. The method according to claim 9,wherein the performing, by a proxy server, on the received URLinformation of the target webpage which carries the identifier ofrequiring security authentication further comprises: determining, by theproxy server that the security authentication is not passed, andreturning a security authentication response result to the userterminal; receiving, by the user terminal, the security authenticationresponse result returned from the proxy server, determining to accessthe target webpage and initiating an access request to the proxy server,the access request including URL information of the target webpage whichcarries an identifier of mandatory access; receiving, by the proxyserver, the URL information of the target webpage which carries theidentifier of mandatory access, and performing the step of obtainingtarget webpage information and outputting the target webpage informationto the user terminal.
 11. The method according to claim 9, wherein thesecurity attribute labeling strategy comprises: a blacklist mechanismlabeling strategy in which a security attribute value is only added to atag of a URL having a security risk, a whitelisting mechanism labelingstrategy in which a security attribute value is only added to a tag of aURL having no security risk, and a hybrid list mechanism labelingstrategy in which a security attribute value is added to a tag of eachURL.